Cybersecurity awareness and training, for managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.

Cybersecurity for hotels

For decades, when we used the words “hotel security”, we usually meant “physical security”. It was all about guest protection, locks, safes, and surveillance.

Guests and hotel employees today expect that the same level of protection extends to the digital assets that reside not only on their laptops and smartphones, but also on the hotel’s systems. Hotels are obliged to respect this expectation, especially after the new privacy regulations, including the General Data Protection Regulation (GDPR) and the revised Data Protection Act (DPA), which must be equivalent to the GDPR.

Swiss hotels and Swiss subsidiaries of hotel chains must comply with cyber security and privacy laws and regulations, and must follow international standards and best practices that protect their guests and employees.

A new cybersecurity culture is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values and expectations of hotel guests regarding cybersecurity.

Cybersecurity awareness for all managers and employees of a hotel is necessary, in order to make information security considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.

Target Audience

The program is beneficial to all managers and employees working in Swiss hotels and Swiss subsidiaries of hotel chains.

Duration

Half day (09:00-13:00). We can tailor the program to meet specific requirements.

Instructor

Language

English

Course synopsis

Introduction.
- Important developments in the hospitality industry after the new privacy regulations, including the GDPR and the revised Data Protection Act (DPA).
- Understanding the challenges.
- Hotels, and the report from the Federal Intelligence Service (FIS), “Switzerland’s Security 2018”.
- Hotels, and the report from the Federal Council, "National Strategy for the Protection of Switzerland Against Cyber Risks".

Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the hotel industry.
- Professional criminals and information warriors.

How do they attack hotels?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.

Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: Which is the risk for the hotel?

Specific risks for the hospitality industry, and best practices to protect the hotel.
- What guests need, and which are the cyber risks?
- a. Speed and convenience.
- It is difficult to balance speed, convenience and security.
- b. Effective and efficient web site and reservation system.
- Examples of challenges and risks.
- c. Great customer service.
- Example - how it can be exploited.
- d. A nice room and housekeeping.
- Example - “The cleaning staff’s hack”.
- e. Food, drinks and entertainment.
- Point-of-sale (POS) fraud and challenges.
- Credit card cloning.
- f. Internet access.
- Honeypots, rogue access points, man-in-the-middle attack.
- g. Security.
- Unauthorized access is a major problem, and social engineering is a great tool for attackers.
- h. Privacy.
- The hotel industry is considered one of the most vulnerable to data threats.
- i. Money (if they can sue the hotel for negligence…).

What must be protected?
- Best practices for managers and employees in the hospitality industry.
- What to do, what to avoid.
- From customer satisfaction vs. cyber security, to customer satisfaction as the result of cyber security.
- The DarkHotel group.

Malware.
- Trojan Horses and free programs, games and utilities.
- Ransomware.

Social Engineering.
- Reverse Social Engineering.
- Common social engineering techniques.
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.

Phishing attacks.
- Spear-phishing.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.

Cyber Hygiene.
- The online analogue of personal hygiene.
- Personal devices in the hotel.
- Untrusted storage devices.

Case studies.
- InterContinental.
- Wyndham.
- Starwood.
- Hyatt.
- Hilton.
- Romantik Seehotel Jägerwirt.
- What has happened?
- Why did it happen?
- Which were the consequences?
- How could it be avoided?
- Closing remarks and questions.

Cost

For in-house instructor-led training, delivered at your premises (any location in Switzerland), the all-inclusive cost is CHF 5'000 for 1-20 participants, and CHF 200 for each additional participant (over 20 participants). Instructor travel expenses and all other expenses are included in the program price and will not be billed separately. For instructor-led training in other countries, you may contact us.

In-House Instructor-Led Terms and Conditions, Cancellation Policy

1. An invoice will be sent to the client after the training, and must be paid within 30
days after the last date of the training. No upfront payment is required.
2. Cancellation from the client less than 72 hours before the scheduled start date
will be subject to a cancellation fee of CHF 2'500.
3. Cancellation from the client 3-10 days before the scheduled start date will be
subject to a cancellation fee of CHF 1'250.
4. Cancellation from the client more than 10 days before the scheduled start date
will not be subject to any cancellation fee.
5. Force Majeure - Neither the client nor Cyber Risk GmbH shall be liable to any
penalty should courses be cancelled due to war, fire, strike, lock-out, industrial
action, accident / illness of the instructor, civil disturbance, or any other cause
whatsoever beyond their control.
6. In the unlikely event of a cancellation by Cyber Risk GmbH, any payment made
for the cancelled class will be refunded. The client understands and agrees that
Cyber Risk GmbH shall not, in any way, be held responsible for any costs,
including loss of airfare or other transportation costs, hotel expenses or other
damages, which the client may suffer if Cyber Risk GmbH cancels a class.